This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Daily Archives: February 24, 2023
ZDI-23-155: Adobe Photoshop Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-156: Adobe Bridge Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-157: Open Design Alliance (ODA) Drawing SDK DGN File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
python-django3-3.2.18-1.fc38
FEDORA-2023-a74513bda8
Packages in this update:
python-django3-3.2.18-1.fc38
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.el8
FEDORA-EPEL-2023-934b856e97
Packages in this update:
python-django3-3.2.18-1.el8
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.fc36
FEDORA-2023-3d775d93be
Packages in this update:
python-django3-3.2.18-1.fc36
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.fc37
FEDORA-2023-bde7913e5a
Packages in this update:
python-django3-3.2.18-1.fc37
Update description:
Security fixes for CVE-2022-24580 and CVE-2023-41323
Companies urged to patch critical vulnerability in Fortinet FortiNAC
Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible.
FortiNAC is a zero-trust network access solution that can be deployed either as a hardware device or as a virtual machine appliance. It is used for network segmentation, visibility, and control of devices and users connected to the network. As such, it can be deployed at the network perimeter, making it an easier target for internet-based attacks. According to Shodan scans, more than 700,000 Fortinet devices are connected to the internet around the world.
DSA-5361 tiff – security update
Several flaws were found in tiffcrop, a program distributed by tiff, the Tag Image File Format (TIFF) library and tools. A specially crafted tiff file can lead to an out-of-bounds write or read resulting in a denial of service.